Suggestion for enhancement to DNS
Paul Vixie
vixie at isc.org
Mon Aug 11 18:40:25 UTC 2008
James Cammarata <jimi at sngx.net> writes:
>> or DNSSEC :-)
>
> Yeah, I'm just reading up on DNSSEC, though it seems like that is a much
> more involved solution, requiring a lot more work to get out. This would
> be a stop-gap methodology to prevent brute force cache poisoning attacks.
we have that now. udp port randomization and a 10Mbit/sec ethernet port
(or a firewall with a 10Mbit/sec rate limit per remote IP address).
--
Paul Vixie
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the bind-users
mailing list